
[Teams] Policy for Restricting Guest User Invitations in Teams

by (주)엠플 2021. 9. 6.

■ Overview
Describes how to block guest (external user) invitations to Teams teams and allow guest invitations only for approved teams.

■ Configuration
1. Install the modules
- Install the AzureADPreview module

Install-Module AzureADPreview

 
- Install the MicrosoftTeams module

Install-Module MicrosoftTeams


- Install the ExchangeOnlineManagement module

Install-Module ExchangeOnlineManagement

  
2. Connect to Microsoft 365
- Connect to AzureAD (sign in with a Global Administrator account)

Connect-AzureAD


- Connect to ExchangeOnline (sign in with a Global Administrator account)

Connect-ExchangeOnline

 
- Connect to MicrosoftTeams (sign in with a Global Administrator account)

Connect-MicrosoftTeams

 

3. Check the guest access setting of the existing groups

Get-UnifiedGroup | ft PrimarySMTPAddress, AllowAddGuests, DisplayName

 
4. Remove guest access from the groups (no guest can be invited to any group)
- Command

# Fetch the Group.Unified.Guest template once and reuse it for every group
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$groupIDs = Get-UnifiedGroup -ResultSize Unlimited | Select-Object -ExpandProperty ExternalDirectoryObjectId
Foreach ($groupID in $groupIDs) {
    $settingsCopy = $template.CreateDirectorySetting()
    # The directory setting key is AllowToAddGuests; Get-UnifiedGroup reports it as AllowAddGuests
    $settingsCopy["AllowToAddGuests"] = $False
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $groupID -DirectorySetting $settingsCopy
}


5. Check the guest access setting of the groups

Get-UnifiedGroup | ft PrimarySMTPAddress, AllowAddGuests, DisplayName


 

6. Allow guest access for a specific group
- Command

# Resolve the group's Azure AD object ID from its SMTP address or identity
$GroupID = Get-UnifiedGroup -Identity <Insert SMTP or Identity> | Select-Object -ExpandProperty ExternalDirectoryObjectId
# Remove the setting created in step 4 that blocks guests
$SettingID = Get-AzureADObjectSetting -TargetType Groups -TargetObjectID $GroupID | Select-Object -ExpandProperty ID
Remove-AzureADObjectSetting -Id $SettingID -TargetType Groups -TargetObjectID $GroupID
# Create a new setting from the template with guest invitations allowed
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
# The directory setting key is AllowToAddGuests; Get-UnifiedGroup reports it as AllowAddGuests
$settingsCopy["AllowToAddGuests"] = $True
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $GroupID -DirectorySetting $settingsCopy

- Example command

$GroupID = Get-UnifiedGroup -Identity all@eiren.kro.kr | Select-Object -ExpandProperty ExternalDirectoryObjectId
$SettingID = Get-AzureADObjectSetting -TargetType Groups -TargetObjectID $GroupID | Select-Object -ExpandProperty ID
Remove-AzureADObjectSetting -Id $SettingID -TargetType Groups -TargetObjectID $GroupID
$template = Get-AzureADDirectorySettingTemplate | ? {$_.displayname -eq "group.unified.guest"}
$settingsCopy = $template.CreateDirectorySetting()
$settingsCopy["AllowToAddGuests"] = $True
New-AzureADObjectSetting -TargetType Groups -TargetObjectId $GroupID -DirectorySetting $settingsCopy

  
7. Check the guest access setting of the groups

Get-UnifiedGroup | ft PrimarySMTPAddress, AllowAddGuests, DisplayName


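8. Verify that the policy is applied
- When inviting a guest in a team where guest access is not allowed, the guest does not appear in the search

- When inviting a guest in a team where guest access is allowed, the guest appears in the search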
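
Steps 4 and 6 combined into one repeatable pass, as an added example that is not part of the original post: it updates a group's existing Group.Unified.Guest setting in place when one is present and creates it otherwise, so the same script covers both new and already-configured groups. The function name Set-GroupGuestInvite and the address in $allowList are assumptions; the sessions from step 2 must already be connected.

```powershell
# Added example. Set-GroupGuestInvite is a hypothetical helper name.
# Requires the Connect-AzureAD and Connect-ExchangeOnline sessions from step 2.
function Set-GroupGuestInvite {
    param(
        [Parameter(Mandatory)] $Template,              # Group.Unified.Guest template object
        [Parameter(Mandatory)] [string] $GroupObjectId,
        [Parameter(Mandatory)] [bool] $Allow
    )
    # Find a setting on this group that was created from the same template.
    $existing = Get-AzureADObjectSetting -TargetType Groups -TargetObjectId $GroupObjectId |
        Where-Object { $_.TemplateId -eq $Template.Id }

    if ($existing) {
        # Update the existing object instead of removing and re-creating it.
        $existing['AllowToAddGuests'] = $Allow
        Set-AzureADObjectSetting -TargetType Groups -TargetObjectId $GroupObjectId `
            -Id $existing.Id -DirectorySetting $existing
        return 'updated'
    }

    # No setting yet: create one from the template.
    $setting = $Template.CreateDirectorySetting()
    $setting['AllowToAddGuests'] = $Allow
    New-AzureADObjectSetting -TargetType Groups -TargetObjectId $GroupObjectId `
        -DirectorySetting $setting | Out-Null
    return 'created'
}

$template = Get-AzureADDirectorySettingTemplate |
    Where-Object { $_.DisplayName -eq 'Group.Unified.Guest' }

# Constructed allow list: replace with the teams approved for guest invitations.
$allowList = @('approved-team@example.com')

Get-UnifiedGroup -ResultSize Unlimited | ForEach-Object {
    # Guests are allowed only for groups on the allow list; all others are blocked.
    $allow  = $allowList -contains $_.PrimarySmtpAddress
    $action = Set-GroupGuestInvite -Template $template `
        -GroupObjectId $_.ExternalDirectoryObjectId -Allow $allow
    [pscustomobject]@{
        Group            = $_.PrimarySmtpAddress
        AllowToAddGuests = $allow
        Action           = $action
    }
} | Format-Table
```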
